tv Key Capitol Hill Hearings CSPAN August 13, 2015 1:00pm-2:01pm EDT
national security, the most striking thing to me is the attention to the internet. the internet is there. it comes out starting in the 1970's. it becomes relatively robust in the 1980's. it is all there, that we do not see it except in retrospect. there is a wonderful book called "everything is obvious once you ."ow the answer in retrospect, we can see all of this, but in process, it is extreme relevant to the world we are dealing with here. can point to- i the fact that i know something about the pace of technology change. canow the transition that ingunpowder will continue accelerating kinds of ways and i know there are a huge variety of actors and actions out there that will occur and the society
is becoming ever more dependent on these things, but i cannot say a lot more. though, when i am concerned about as a national security analyst, and what policymakers ought to be concerned about. very particularly, i am concerned about the destruction andocial properties -- things like the financial system , power companies, and the like, that provide a back for our capabilities -- backbone for our capabilities and i'm concerned about how things may evolve for individuals apart from the state. my first reaction as the internet of things evolved ever further was that this fromsented a set of risks a national security standpoint -- was i concerns, could hack my refrigerator or cause an individual automobile accident,
but if i am a terrorist groups like isis and i want to create havoc, lack of trust, indeterminacy, and other contexts in america, maybe if i can make people very unsure about the safety of their automobiles by periodically causing them to wreak havoc, i could achieve political fans in ways that i care about -- political ends in ways that i care about. there is a sense of the problem. at this point you may feel a little bit like this is just too much in some dimensions to come out from a policy standpoint, but clearly it needs to be thought about. among the other parts of my background, i was at one point a supreme court clerk working not for a supreme court justice, and another supreme court justice, besides the one that i was working for, justice douglas, who was
well-known as a misanthropic, sort of, guy. he kind of love mankind in abstract, but hated the rest of us. telling a story about his father, which was quite illustrative, said his father was a minister who wandered around the pacific northwest and one day he mounted his help it, looked out at his audience, and found just one guy sitting out there and he said to that guy do you really want me to go ahead with this service. the guy looked up at him and justice douglas said the cowboy said well, preacher, i'm just a toly cow hand, but if i went the field and -- to feed 40 horses and found just one, i would not let the horse go angry, so he decided to give whole service, sermon, prayers,
hymns, walked to the back, shook hands with the congregation of one and the cowboy shook hands with him. he proceeded to wander off to his father could not stand it, and yelled, how did you like that, and the preacher said how would you like that -- i am just a lonely cow hand, but if i went out to feed a field of horses and found just one, i what not dump the whole load -- i would not dump the whole load on him. [laughter] past wringingt our hands and saying i have contributed some. i think we need to get at the -- anduses and give the i will be you a summary that represents an abstraction of the phenomenon of the odd complexity of these systems. the microsoft operating system -- they do not reveal the number
of lines of code. ballpark -- 50 million lines of code. i asked that major corporate financial company person to estimate for me how many lines of code is company maintains and he is responsible for. answer -- one trillion. these systems are, as others have observed, the most complex kinds of systems we have invented, and that means we have extraordinary difficulty observing them, extraordinary difficulty enabling us to comprehend what is happening within them, and they have exceptional vulnerability. if you take the notion of -- the stark notion of one bug for every thousand lines of code, the bug does not equal vulnerability, but it gives us some sense of what is involved when you try to write out 50 million lines of code. in fact, in conveying to policymakers this point, which is extremely important, i think,
their first intuition is you guys created this problem. it is a technology problem. fix it. either you were to, if i am a right-wing politician -- you are too much about your piece-loving hippies who did not care enough about security, or if i may left wing politician, you guys are to capitalists who wanted get the software out the door because that is what you got paid for and you did not care enough. i say to them, think about something in the world you know -- the u.s. tax code. the u.s. tax code is 4 million words. rightly a tax code that does not have any loopholes. -- write me a tax code that does not have any loopholes. you might suggest they are writing tax codes with the intention of loopholes, but if you write a 4 million document -- word document and you give me an army of lawyers struggling to find vulnerabilities in the document, i will find them.
understand you cannot create something of that level of complexity without having these kinds of errors. now give me 50 million lines of code, which are, of course, even less observable to the author. and never, you understand, if you reflect on it, this is a mass production operation. it is not like some single person in microsoft since their 50 million lines of code and comprehensive. nobody comprehends it. it is put together as a variety of different things. do not think there is a technical answer to this readily available at the scale and complexity that we need it. when you look beneath admiring the problem and start to analyzing it, it it is compounded by the phenomenon of extensibility. an adobe work with system, etc., etc., and that interactive affect will create complexity beyond anything my own system did, even if i could
somehow generate my own system. it is like the tax code has to work with a whole pal pay of -- panoply of different business laws and state laws. beyond that, i have a communications problem. the systems are designed to communicate. you understand that. you cannot believe to understand how novel that would have looked 40 or 50 years ago if you could go back. in the late-19 90's, the director of the cia, george tenet, safe with shock in shock in -- says with testimony in the senate, the enemy is on our system, our networks are open, and of course that is the case because of the nature of our communication. the more you let people in, the ine you connect functions up the more you enhance the risks associated with these complex systems. you understand how fundamental it is that we create this iveitative -- communicat
power. the system also transfers information -- take for example, snowden. peoplehistorically many like snowden -- people that come in and take documents, whatever their motives, and then hand them along. what is unique about snowden is 1.7 million documents. we are never in the history of espionage had anybody take 1.7 million documents, but it is a consequence of the fact that in these very complex and communicative systems, we transfer information, which is inherent in the virtues of the system. i want to create a world in which an analyst can get at information across a number of different domains. i want to have that ability. if i am right and power system, for example, i want to see the whole sound of transmission
lines and the like. or, if i am running a pipeline system, which valves are open and which valves are closed. i want, as it turns out, to collect information in the information age enables me to that. -- to do that. in -- the internet of things will expand my capability to that. we did was to collect some 29.9 million documents, including from me, that ran 100 pages, including favorites, foreign contacts, histories, embarrassing evidence, and the like, put it all in one place, and created so that anyone who hacked into the system could conveniently have it all, where as in a three cyber, predigital age, it was not that concentrated.
it enhances that capability. a smart man at microsoft invented the phrase disintermediation. one of the advantages of the digital world as we take human beings out of the loop. it is terrifically advantageous. if i started with people who are intermarried -- intermediaries in making my dinner reservations, travel reservations, buying my tickets, i feel frustrated as compared with digital opportunities to do that myself. on a larger, national scale, it is usually valuable in government that i democratize information or when i was secretary of the navy, introduced a internet system that had all kinds of technological advantages, saved all kinds of money. what i really valued was that i could empower somebody in the bureaucracy who needed a new aircraft part to simply see the inventory and order it up without going through the silo
of the warehousing people, the logistics people and the like, all of which held information as a source of power and created division within the organization. removing those human beings is alsoly beneficial, but it removes gatekeepers, guardians, people that might observe what is happening. wait a minute, somebody is excellent trading this financial a requestn, or i got notches for a new password, but 50 new passwords, or all these changes that human beings might observe. finally, these systems are amazingly flexible. we value the fact that our computers or laptops can do so many different kinds of things -- word processing, comedic munication, spreadsheets, etc.. the basic point i will -- communication, spreadsheets, etc.. the basic point i want to offer comes back to the title of the paper. this is poison fruit. this is not a luddite position i am taking.
there is no way to turn the clock back. i do not want to turn it back. we need to recognize that inherent in each -- each virtue that i have summarized along the side is the risk. that to the degree that i concentrated or communicate or take people out of the loop, etc. -- to the degree i buy the benefits of this technology and each and every one of those steps i introduced, security consequences give rise to greater risk. the virtue of the system is intertwined with its limitation, it's liability, and it's risk. that is fundamental. it is not just of the complexity of the system gives me these problems. one recent technology fixes new not just get me there is every time i buy more security i tend to do so in ways that involve some sacrifice of virtues. i want to spend a minute, having talked about software, just to
say a little bit about hardware. the hardware insecurities are quite real as well, and you are aware of that. an easy example i like to get his people think about supply chain and all kinds of sophisticated ways -- what is being made in china that goes into the f 35 or latest fire aircraft, etc.. what i am struck by his even if you preserve your whole system, if it turns on something you used to get -- the -- struck by is even if you preserve your whole system, something you used to power an adapter made with a is used for hacking your cell phone, the creative fundamental problem. the range of issues is andaordinarily gray here, from an espionage standpoint, i just would point out to you -- you are all familiar with the stoxx not experience. moves to as
particular set of frequency converters and the like because they became convinced that some foreign power had hacked into what they were buying to install in their nuclear establishment from abroad and they had to begin to produce their own stuff, which, then, of course, set them up for the ofnerabilities for some their own stuff and integrate -- introduced a variety of efficiencies. the global supply chain gives us a chance to forget more vulnerability associated with the hardware world and i want to show the sophisticated audience ais point by just giving you chance to reflect for a moment on a statistic you are not often horribly exposed to, -- probably exposed to, which is -- i want to ask a simple question with respect to the question of transistors. there is a nice, little cartoon that says -- this guy says "it
is time for us to spend more time with our children." he says to his wife, "how many do we have?" if you think about that as a problem, think about the transistor world and imagine the question, how many transistors are manufactured globally every second? i just want you to think about and i'm not going to embarrass you by having you stand up or embarrass me by thinking i already know the answer. when i first started thinking about this i did a back of the envelope calculation and the number was so unnerving for me that i managed to get some friends at intel to get to work on it and they commandeered the research department and came up with a number that was so disorienting that we had a final couple of hours of phone calls and agreed on a number.
i want you to think of the question -- how many transistors are manufactured worldwide per second. just as a measure of how well you understand this -- do you have your number in your head? every second, 14 trillion transistors. system,lexity of this the difficulty of policing it on the hardware side needs to be appreciated. then, of course, there is the human side. here is a nice picture of snowden. before snowden, we had manning. the openness of the system to third parties is striking at one of the leading theories is iranians thought they had the system air gaps. there was a distance between the centrifuge system and a software -- a physical difference. of course, all kinds of things happen -- patches come down. the system needs to be updated. contractors need to go in and one of the theories is maybe some contractor got infected,
brought in the virus, etc. if you are running a worldwide corporation, and aerospace corporation, for example, you have to integrate with all kinds of suppliers from all kinds of portions of the world and that then causes you to share information. lots of people have access to the information, huge problems, and even at those people are not at the level -- and the ability to manipulate these people is pretty great. if people have not read the book -- it is often possible to read that to realize that you, too, can be fooled with some clever social engineering. every system, when you look at having management problems, configuration problems outside of the software and hardware. i've given you my password example already. so, you are familiar with many of the efforts to deal with this -- the countermeasures are a
long history. we know we tried barriers in training, but we had fundamental problems with these. they leak very badly. the screening in the antivirals -- you are familiar with the set of issues, the dependency on existing signatures, the way the antivirals lag the attacks, the way many import vulnerabilities themselves and can be used as the basis for exploits. we have done a lot of hunting the vulnerabilities. it is nice to see the rise of that effort. i think it is going to produce some benefit, so is active defense. that monitoring the situation and the like yields limited benefit. we can create enclaves and encrypt to greater degrees -- a useful kind of thing, but again, the information needs to be shared and when we get into the sharing, we get into all kinds of vulnerabilities described in
the inherent software vulnerabilities that may exist. it is hard for me to believe, and when you talk to sophisticated inside operators, it is hard for them to believe that they cannot get into almost everything. if he really cared enough and had enough resources -- i talked to someone who makes a career of it. he goes around dealing with complex industrial systems. i asked him how many times he is unable to penetrate his client. he says it might have happened once. it is so unusual. the vice president for security at ogle has said in a -- at google in a public context has said when google organizes red teams they succeed getting in 60% of the time. they are thwarted 40% of the time. defending itself. i think we overstate the degree to which we can defend these systems and what happens is dorporations like to hire re
teams that affirm the qualities of the people that hired them so you do not wind up getting good penetration analysis, ultimately, about what serious attackers will do. i'll come back to the deterrence point. i want to know that what we are doing is raising the cost for attackers, not actually preventing them. ae of the things i did was ability hunting, exploit asked them tond i go back to their records and show me -- a rough indicator -- i'd not want to make too much of this. it is just illustrative. what has happened over time in terms of their production function for vulnerability discussion? how many researchers of medium quality they need to find vulnerabilities? basically, this
chart from 2006 2 2007 shows the production function and that it is gone harder to find possibilities as we get things ing and all-- fuzz kinds of things that are out there, but if one producer could research and find two significant among abilities in a year, and only finds a half -- that is to say it takes in two years to find it on average, we have significantly raise the cost for attackers. it is now four times is difficult as it was before by this rough, illustrative measure, but it just means if you hired four kaunda's many people, you can produce the same number of vulnerabilities -- hired four times as many people, you produce the same number of vulnerabilities. here is the report. every week we get a description
of substantial vulnerabilities. enjoyed by successes even,p-level people, or, the people that are not at the very end of the distribution and win the top prizes. you understand all of this. hopefully this way of conveying the problem and i want in my closing minutes to talk about my overview of how we can improve the situation given where we are. the fundamental proposition that emerges from this is presumed vulnerability. presumed digital vulnerability and in critical systems treat this as though it is contested inritory -- a phrase used some congressional testimony. create lean systems, that is one's with fewer attack surfaces, and recognize that this is poisoned fruit, go on a diet. ask yourself do i really need
this functionality because it is introducing vulnerability, and that does not just mean enclaves and the like. the easiest example for me is a printer. most people think they want a printer to print. it seems pretty evident. they do not think enough about what marrying the facts capability with printing capability does for the outside world. how about the fact that my printer has a bluetooth capability that enhances its vulnerability? how do i feel about memory in my printer? int people are buying memory their printer and do not want. i come back to the example of snowden. he could steal 1.7 million decades. how come he could copy them? could getwhy he access, but as an administrator, there is nothing that gave him the need to take the stuff out. as far as i can tell from the
outside, the answer to that is the nsa people are not dumb. they disable the computer enableity that would application, but snowden is not dumb, and he, with a it, soiver, re-enabled my question is why did it have a capability to begin with and the answer is because we buy standard computers with a huge range of capabilities and what we should be doing is we should be thinking about buying lean nes, slimming down the system. swe have to think about the version -- virtue of analog. one of the things frustrating about stocks that was it was not just a penetration of the systems that control the centrifuges. it was, and we know this from the public documentation, a
system that also deceived the iranian operators as to what was happening by plane back to them simply standard operation of centrifuges when, in fact, centrifuges were spinning out of control. fundamental design of this application is do not convert your situational observation capabilities and your safety systems to the same modality is your operating systems. had had a plain, old analog system that measured vibrations of centrifuges, and when the vibrations began to get out of control, sounded a physical alarms that rank, no digital attacker from a distance could've thwarted the system. maybe somebody could have gone in the room and disabled one, or five, or 10, but the centralization and the concentration of the digital system would have been offset by a plain, old analog system, or i
--e a friend that comes out where i have a friend that comes on the central intelligence world. he is paranoid. his paranoia leads into having video cameras were in the house, but being a smart guy, he is paranoid about his video cameras and worried that people from the outside world might tap into his cameras and observe everything in his house. putshat to see you -- he an index card next to the video cameras when he goes out so that if the camera is swiveled, the index card falls over. an analog system. all liens jesting is -- an analog system. need am suggesting is we to go through the system and where possible inserting analog capabilities. this is a back to the future prescription, but if you believe
, as i do, the digital systems are inherently insecure, you want this complementarity here. you also want to separate the systems so the contamination of one does not lead to others. you want clean the words of resilience terrorists, to decrease the amount of coupling, the degree of integration. i like having an apple system alongside a microsoft system simply because i have, then, some diversity of long abilities, or to use a phrase repeatedly used, i want to avoid a monoculture. i want to create resilience in the system. from a public policy standpoint, i ought to be saying hey -- there are some systems out there, the power system, the financial system that this country depends on so fundamentally that i am going to impose some degree of requirement on them that they measure often insecurity firms that they are what we recognize
in other arenas as too big to fail. we regulate our airline systems and we need to do similar things in the internet world. you have to recognize the speed of change, so you cannot come in my view, regulated by saying we , y, and z, it becomes to -- but when you do it it becomes to limiting. i would not have some overall zar impose it, and i would encourage them to use persuasion, subsidies, everything possible, including, ultimately, regulation, to get companies to the point where they provided a convincing case that they have done what they could to reduce the vulnerabilities they've ever supplied and the like. disaggregating the problem is very important.
we need to recognize the fundamental differences between different industries in this context. for example, the finance and the power industries are dramatically different in their business cases. i will come back to this point about the interaction between technology and its culture. if i run a finance company, i am being attacked all the time, every day, millions of times. i constantly refreshing my software, policing my boundaries. understand that my fundamental assets are digital. they are not physical, and i'm at the very cutting edge of software and the like. what i want from government is information about attacks and by and large i want them to help share that kind of information and i want them to leave me in a high degree of freedom. company, i amer not as used to these kinds of companies -- frequencies of attack. i have a much slower cycle of operation.
my financial base is regulated. i cannot pour money into it at any given time. i have an annual maintenance downtime period and i will react more slowly. i need a lot of basic education from the government about what is out there and some raising of my standards with regard to it. that is just an example. therefore, i am very inclined to push this problem within washington to reach of the relevant departments. enthusiasty much an about longer-term research and development in this arena. i have sketched why it is that i think the problems are inherent in the technology, but there are opportunities in terms of making encryption easier to use, something we had just talked about here, in terms of the use of formal languages to scale of our capabilities to provide more
protection and the basic design of our systems with the security focus would yield, i think, a lot more benefit. so, for example, i am the former secretary of the navy, so i say as the navy develops its next generation of submarine or destroyer, let's make it a national goal to say how will i design the system so as to reduce this -- the vulnerability, minimize the amount of poison fruit it consumes, maximize my use of analog and out of bound systems, maximize my use of formal language protection and key junctures, etc.. when i design the system i'm going to come up with something .ery different in the navy world, i wanted the captain to see it all. of course, in the digital age
that creates a company is a set of vulnerabilities. how would i design my ship fundamentally different, conceptually, if i take account of this. doings a product worth over the decades. my basic theme, pushing the analog notion was you guys are really good historically and safety analysis, regulation, and the like. you say, for example, that we need -- i will make up a number -- 10 different cooling capability so that if one or two, or three fail, i have the ability to bring in the others and when you get something african number, you think you have built in resilience and safety -- some other significant number, you thank you have the resilience and safety. you have created one failure
point. you need as regulators to recognize that. systems,we design new and we need to create good .hinking also because we care so much about the business culture, it is not just a technological problem, and the tendency is to invest in technology. more anyike many investment in the anthropology associated with the use of these systems. uses worth johnny does not encryption. we need to understand better what is going on within the systems. we need a better pool of attack information and i suggested in ast paper a year ago and
example of how this is done -- a private corporation in the faa will, the federal aviation world, recognized the faa collected data on all aerial accidents, but did not on near misses. it was a big issue. how do we share information about near misses. people said i'd not want the faa regulating it. they set up a private entity. in the beginning, one or two airlines cooperated. with time, ever-increasing numbers that and now it covers, essentially, all of the system. faa has a seat on the board, but does not control information. the faa -- the information is then shared more broadly. that is a readily achievable model. i do not need legislation and the like. i can move forward in that regard. power company's are beginning to do some of this. to add that i am
very concerned about the federal workforce and this is a example of how we might move in this context from the traditional ways of doing business, which historically those legacy systems are so embedded, the past is not dead, it is not even past. we have a set of federal hiring, training standards that are very ill adapted to the digital world that i just described. my suggestion is we could create a federally funding -- funded research and development corporation that is a private company. there are many such that already exists. i am on the board of one. i'm not pushing this for them, but just as a general proposition, we could create a new one that would be a place for people who are cyber-skilled to come together and be hired. how would you hire them?
i do not really care in the arena you work in some much about degrees and traditional credentials. actuallyre about finding vulnerabilities or dealing with other people's exploits. maybe i should hire winners who achieve in this context. what do i want to do in terms of training and the like -- i want to put these people together in a pool because so much that is learned is from hyundai job change. they learn from each other as peers. i want somebody who is cyber-skilled to run this. i want to make about putting this in silicon valley. why do i need it in washington? suddenly, i draw a different talent pool that i can tell you i think we desperately need. i want to conclude by talking andt norms and deterrence then i want to invite your questions. there is a lot of fuss now about
the challenges of our conflicts with the chinese, people indicted in pittsburgh from the pla -- the people's liberation army in china. we have obvious sources of i.t.ict over espionage and theft. the point i would make is we also have some areas of strategic stability. we have not yet states attack one another, to speak of, in the context of shutting down their power systems, undermining their financial systems, big, catastrophic kinds of things that i would be concerned about. i think we, and for example, china or russia, have common interests in avoiding that kind of warfare. it is just not good for either of us, ultimately. moreve us a slightly technical example, i do not think it serves either china or us to probe each other's nuclear
command and control networks with our espionage tools. why is that? --recognize we have system systems that have gone under the destroyedtually structures, med. ability toly has the strike first and we threaten destroying their missiles, they need to launch. if they know they have the ability to survive an attack -- even if we attack first, the situation will be more stable and they will be less likely to attacking a hair trigger weight. onthe whole system depends cyber systems and the system is inherently insecure and we are out there probing them and they are out there probing us, and the same tools that can be used for the espionage can be used for offense, i have now introduced insecurity in the world. i have worked -- moved from a world of mad to a world of mud,
unsure destruction. it is less stable. we can find our way towards some emergent norms that agree. there are certain kinds of things we will not do. we will have problems with this, challenges in negotiating it, enforcing them, and the like. we can talk about them if you like. the reality is when we entered the nuclear age we had no idea about arms control or how to do time weslowly over began to find our way toward some stability, and we thought about the men began to articulate them in norms, arms controls -- arms control agreements, and so forth and we need to the same thing in the cyber world. i have given you a real soup to nuts thing. it might be that i don't the wholeload -- dumped the
load on you, but i suggest that we all see it is a brave, new world combat but these changes of the equivalence of gunpowder over a -- world, but that these problems -- changes are the equivalence of gunpowder over a period of time. we need to analyze the core of our problems, and i've tried to give you a summary of that today, and to think not just about the kinds of incremental activities i've made reference to, but also, most fundamentally, to try to structure institutions, programs, and norms in light of our analysis in ways that can make us stronger. will we ever be completely protected and ok in this area? no, but we can improve our batting average quite significantly. i cannot guarantee performance or success in every single pitch that is thrown at me, but i know
how it is that i could get to a better world with a much higher success rate, a better batting average, and, boy, i would extraordinarily value that. i thank you all for not having gone out for haircuts and i invite your questions. thanks very much. [applause] [captions copyright national cable satellite corp. 2015] [captioning performed by the national captioning institute, which is responsible for its caption content and accuracy. visit ncicap.org] >> in about 20 minutes our road to the white house campaign coverage begins with jim webb at 2:00 p.m. eastern. later this afternoon, is a democratic candidate martin the former maryland governor pat we will follow both of those appearances with your calls and comment. our coverage continues tomorrow with florida -- former florida governor jeb bush.
while we wait to hear from jim webb, we will look at the speech earlier today taking off the event, mike huckabee, the former arkansas government. : let me begin with a recommendation. pork chop on a stick. trust me. it is what is for breakfast, lunch, dinner and a snack. i want to thank -- they think you to "the des moines register" for giving us this forum and for all of you to coming to listen to a politician talk. i think a lot of times you and i hear a lot of politicians talk. you hear a lot of people come to your city. this time 17 republicans are coming to iowa to ask for your vote and support in the caucuses. there will be a handful of democrats that will come as well. hillary probably is not going to come. she will e-mail in her
appearances. [laughter] i know thee: clinton's pretty well, i was born in hope, arkansas, the same town bill clinton was born in -- morning. people wonder how it is possible so many people would come from such a small town. the answer is i don't know, but what i do know for the republicans who are deciding how to vote, who to vote for, a lot of the questions are, is there anybody on our site that has a good opportunity to take on the clinton political machine? i am the only person who is ever done it because every election i ever ran in all, every time i did not just run and -- run against an opponent but the entire political apparatus the clintons had built over a 25-year period. i know many of you think the most democratic state in the country is massachusetts, maybe oregon, vermont, new jersey, but you would be wrong.
for the 1990's most democratic state in all of america was arkansas. and i was elected, i was only the fourth republican elected in 150 years. when i was elected lieutenant governor, i got the state capitol and they were so happy to see me being the only republican in the state capital that's my door was nailed shut from the inside. literally nailed shut. it stayed that way for my first 59 days for the elected governor of the state. that was my introduction to hardball politics the clinton political machine knows how to play. every time i was ever on the ballot, both bill and hillary clinton came and campaign for my opponent. i have never made -- been bitter about it, it made me a better candidate. i not only took them on, but i repeatedly beat them, and i lived to tell about it. that is why i am here today. [applause]
you will hear from the other side they have done such a great job running the country and the that the economy is in in a recovery. everywhere i go i do not save the economy is recovering. i talked to people whose economy is not recovering. last night i was at a piece of -- pizza ranch. of course i was. a guy comes up to me and is a contractor who owns a small business and does landscaping, and i was talking about a guy that i met in south carolina three weeks ago. a guy named mark. the guy i met at the fairfield inn in aiken, south carolina, at 6:00 in the morning. my team stays at the fairfield inn because it is a free -- cheap hotel with free internet and free breakfast.
we spend your campaign money by trying to be frugal. i am down there 6:00 in the morning for breakfast. mark is working the shift for the fairfield inn and strikes up a conversation. we get to talk -- talking. he is a college-educated accountant and three years ago he was working as an accounting in aiken, south carolina when the company closed down and should this all 300 jobs to mexico. 300 factory workers and front office people of which he was one all lost their jobs. now mark is working three part-time jobs and with three part-time jobs to does not make as much money as he used to make on the one job he once had and the factory. mark's story is the story of 5 million americans who have lost jobs in manufacturing the year 2000. 16,000 plants have closed since the year 2000. last night when i was talking to the landscape contractor and
-- in waulkie, he said i can really because that is fine. he's that i am working 100 hours a week. there are a lot of american sweating through their clothes every day, lifting heavy things, and they are not getting a lot to show for it. it used to be if you could just get through high school, get a good job and work hard you could take care of your family and work through the middle class. lord knows i was able to do that because of a hard-working dad who worked full-time -- two full-time jobs but could barely pay the rent on the orange brick house i lived on on 2nd street and hope, arkansas. i am not blue blood. my family did not come over on the mayflower. my family is blue-collar. we got jumped off the shores of georgia. my ancestry is not something that is all that noble.
my father always told me don't look very far of your family tree, there is some stuff you don't need to see. let me tell you why i love this country, because if the kid like me can grow up like i did with parents who never had the opportunities of a great education, my father never finished high school. his father did not end his father did not -- i am the first male who ever graduated heist will, much less went to college. if the kid like me can become the governor of estate and aspire to be the 45th president of the united states, this is an amazing place to live. [applause] and i am grateful to god to be in this country. i have a few years on me now. three grown children and five grandchildren. when people say why are you
running for president? sometimes i ask myself that. i can tell you why, because i want those five grandkids of mine to have the same hopes and opportunities. i want them to be optimistic about their country as i looked being, and i want them to believe america is the greatest nation on earth and believe that is true because it is true. we have to fight for it to be true again. i am not willing for us to be a second rate nation. i want us to have the best military, best economy and best and are of right and wrong morality that any country has ever had in history of polarization, and that is why i am running for president, because i want those rankings of mine to love america and have a great america to love. [applause] but if we are going to make the country great, we have to make some big changes. not little things.
we have to make some truly major changes like get the fair tax passed and quit punishing people for their work, and once and for all, get rid of the criminal enterprise known as the internal revenue service. be rid of them. [applause] let's get our military strong again where no one wants to fight with it. the bully in your school when you were a kid, and i hope it was not you, but the bully in your school only picked on the kids he thought he could beat. he never takes on a kid that was -- put the bully on his rear end. if we want to keep america from having to go to a war, it may
sound counterintuitive, but the best way to do it is to have the most robust, well-trained, well-equipped, best ever military in the history of the world that nobody on this globe once to ever pick a fight with. -- that wants to pick a fight with. when some people ask what is the most important issue facing this country? most people ask is if the economy or national security? is like asking me which wing of the air plane is most important? when i fly on the plane i like for both wings to be on their. just flies better. of course we have to get our economy going. people need to work, and we cannot work when taxation and litigation for -- creates migration and folks are getting the jobs in china, mexico, japan, south korea and indonesia but not the united states of america. i don't care i have jobs there but i sure as heck care if people miss country have good jobs that pay good wages and let them see them -- the family and let's them moved to the next ring on the rat -- ladder. we have to make that a focus. [applause] -- next ring on the ladder.
i will secure the border within the first year because we had to do something about letting our country become an open door where we no longer control our border. if you think it is resumption on my part to say i think we can secure the border in the first year, i'm here to tell you it can be done. 73 years ago we built bridge between british columbia and alaska. 1700 mile route and build it in less than a year. that was with the engineering capabilities of 73 years ago and the construction of the arctic winters of the north. of course we can secure the border, but you have to have a president that says i will do it and make sure it gets done, and i will be a president that gets it done. that is my commitment to this country. [applause]
even if we have both wings of the airplane, i also believe you have to have is doing mechanism, otherwise, without a steering mechanism two wings will fly it to the cash -- crash site. the steering mechanism has to be a strong, moral fiber that comes from what our founders said in the declaration of independence, and then here is to the laws of nature and laws of nature's god. let us never apologized for who we are as a country, a country that cannot be explained apart from the providence of god himself. -- no other explanation. other than his providence and intervention. if we are going to invoke his blessing, as we often do, and does not matter whether it is a democrat or republican running for president, here is something we always a at the end of her speeches, god bless you, and god
bless america. every democrat says it, every republican does it, but folks, i am not sure how we fully inspect to invoke god's blessing on this country if we continue the slaughter of unborn children in their mother's wounds, 60 million of whom has passed away since 1973. let's stop the slaughter. when i hear people say we will defund planned parenthood, wonderful, we should do it, but let's do more than that. it's not just ends funding for the nightmare, let's end the nightmare and make it so that when we asked god to bless us he can look down from heaven and say i will. i thank you very much, and i will take a few westerns for the remaining time i've got, which i probably will regret. this is called queuing day. questions and answers in your
world, but for me, it is called questions and avoidance. i will try not to do anything that will end my presidential aspirations today here at the soapbox. you, front row. >> [inaudible] mr. huckabee: how do we get it back to the growth rate? $11 trillion of capital is parked offshore. i guarantee you we will goose economy if you bring $11 trillion of working capital back to this country. and you stop punishing evil for working, saving and investing and quit rewarding people for making mistakes, which is the way we are operating now, we will transform the economy. we will bring manufacturing jobs back, because under the fair tax we will not be at the competitive disadvantage to make things. it is not enough for us to have a design and create things, we have to make the things we create.
right now we are designing things, creating things, but we are making them in china. what we need to do is make them here, but we can't because there is 22% and that attacks and everything we do here. it comes back cheaper than what we make. the first track -- the fair tax changes that and gives us the competitive edge to bring the manufacturing jobs back. we stopped the crazy regulatory environment. i have a contractor friend and has a great back on the back of his hard hat. it is true. it ought to be at least as hard to get welfare as it is to get a building permit. do you agree with that? [applause] yes, sir? >> [inaudible]
mr. huckabee: the question is, what we continue to fund things like the global fund? i have been to rwanda and seen the benefit of the mosquito nets we provide for about $10 to save thousands of lives. i think there are many humanitarian things we can do. we cannot fix everything the world. we cannot be the world's policeman. we have to get our own house in order. our own children and grandchildren will never be able to have the great america that can do great things around the world. that has to be job one. does not mean we won't care and want involved, but the number one goal is to make it so people in this country will have the kind of money they can contribute to the seven dollars mosquito net that save the children that are right not dying of malaria unnecessarily. let me pass this on. i think sometimes we fail to understand our involvement in
the world needs to be from the strengthen -- position of strength, not we. the one thing i am committed to that america will no longer be a nation that asks permission to speak or act. we will act in americans best interest and american workers best interest. we will make this country strong and make it so that wages in this country are worth something again, something that has not happened in 40 years when the bottom 9% of the economy has had geithner wages. that has to change. back here. >> [inaudible] mr. huckabee: she says i am a real art for -- campaign for arts education. i am. i am one of the only governors to mandate arts and education for k-12th. one in every three high school children drop out of school. you know why duck they are bored.
the reason a lot of kids are bored is because they are right brain dominant students, which means they are created in nature. they are the ones who create things like your iphone. but the problem is, if you put them in a traditional classroom be say to them, sit down and still and put your feet in front of you and listen to a teacher talked for 45 minutes, you lose them. they are dreaming all over the place. and aeater and dance paintbrush in their hands and you will change the outcome for these kids. live to theou back iowa state fair to hear from democratic residential candidate former senator jim webb. webb: thank you very much.